speedguide.net  


Bluetooth vulnerability allows intercepting traffic

2019-08-16 16:54 by
Tags: ,

 

Researchers have discovered a major new security flaw in Bluetooth, which could leave millions of devices at risk of a malicious hack. The Bluetooth SIG, an organization that oversees the technology's standards, has issued a security notice for what the researchers are calling Key Negotiation of Bluetooth or KNOB attack.

"The KNOB attack can be conducted remotely or by maliciously modifying few bytes in one of the victim's Bluetooth firmware. Being a standard-compliant attack it is expected to be effective on any firmware implementing the Bluetooth specification, regardless of the Bluetooth version. The attacker is not required to possess any (pre-shared) secret material and he does not have to observe the pairing process of the victims," the paper says.

The researchers said they confirmed that KNOB affects 17 unique Bluetooth chips made by Qualcomm, Apple, Intel, and Chicony. Not every device is vulnerable, though. The flaw only applies to traditional Bluetooth devices (not Bluetooth Low Energy, which is frequently used in low-power devices like wearables), and some Bluetooth devices may have protection against it, if they have a hard-coded minimum password strength.

The organization behind Bluetooth can't fix the flaw, but it'll protect against it going forward by recommending that a minimum password length be implemented on vulnerable devices. Existing devices, meanwhile, should be getting patches if they haven't already – the researchers notified the Bluetooth SIG back in November 2018 of its findings. That's a long list, it turns out.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About